Carlos,
SHORT SUMMARY: Find out if your ISP's web server is configured to
allow per-directory access control, normally done using files named
".htaccess" and ".htpasswd" (optionally ".htgroup" as well, but that's
likely more trouble than it's worth). Use of this mechanism will
trigger the standard UserID/Password mechanisms in the server and
the visitor's web browser.
Unless you have a friendly contact there who can tell you, you may
just have to try it to see if it works.
TEDIOUS DETAILS FOLLOW:
A per-directory ACF, named ".htaccess" by default, lets you specify
to the server any exceptional handling you want applied to files in
an individual directory. (More about this in a few moments.)
You will also need to have access to an executable copy of a utility
called "htpasswd", used to create a password file for the directory
you want to protect. If you have shell login access to your ISP
account (and are comfortable running unix commands), you can check to
see whether that utility is available to you. If not, I believe that
the c source for that utility can be found on the net, and you can
compile and run it on your own box.
Use "htpasswd" to create a user password file called ".htpasswd" in
the directory you want to protect (or create it on your own box and
ftp it to that directory). Let's assume that you have done so, with
a user name of "Yewzer" and associated password of "s3cr3t".
Assuming that your web directory is somthing like
/users/carlos/public_html/
and you want to protect the "members-only" subdirectory under that
directory. NOTE that you need the actual directory on the host box,
not a relative directory such as might appear in a url of
http://www.ispname.com/~carlos
You create a file called ".htaccess" in the members-only directory.
That file would contain
AuthUserFile /users/carlos/public_html/members-only/.htpasswd
AuthGroupFile /dev/null
AuthName By Secret Password Only!
AuthType Basic
<Limit GET>
require user Yewzer
</Limit>
As a result of having these two files in your members-only directory
(assuming, again, that your ISP's server is configured to allow all
of this to behave properly), when someone tries to get a file from
that directory, such as
http://www.ispname.com/~carlos/members-only/loveletters.html
their browser will display the standard user authentication
dialog box. That person will have to type
Yewzer
into the User ID field and
s3cr3t
into the password field.
This may appear to you to be a large effort -- it certainly was for
me the first time I tried to figure it all out and get it working!
The key question is simply whether your information deserves that
amount of security.
For more information, check the Apache web site at
http://www.apache.org/
or the O'Reilly & Associates book
_Managing_Internet_Information_Services_
Chapter 21, "Web: Access Control and Security".
Hope this helps!
-jn-
[EMAIL PROTECTED] wrote:
>
> Hi Carlos,
>
> Since you have so many limitations on the server side, here are my
> suggestions. These won't give you a great deal of security, but will help
> limit access to the files and won't require the recipient to have a copy of
> REBOL..
>
> 1. Create a page with the default file name ie index.htm or whatever, this
> is to prevent directory browsing.
> 2. Place files in this directory.
> 3. Email the filename & paths to those who are allowed to access these files
> 4. Rename the files once a week or so to help control who has access.
>
> Use REBOL to automate as much of the above as you like...
>
> Cheers,
>
> Allen K
>
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, January 01, 1998 11:04 PM
> Subject: [REBOL] Simple Password Checking Re:(2)
>
> Thank you Ted for your comments but actually I have no such a web server
> where I can manipulate permissions and so on. My website is hosted by some
> guys I don't even know but don't allow CGI scriptting on their server.
>
> I need to find ways that don't envolve server side solutions to handle
> protection file stuff.
>
> It seems that only with a Java Applet I could do that. Am I wrong?
>
> -----Original Message-----
> From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> Date: Thursday, December 30, 1999 5:13 PM
> Subject: [REBOL] Simple Password Checking Re:
>
> Why don't you want them to enter their own username and password?
>
> If that's not a critical requirement, and if you're using an Apache Web
> server, you should be able to do this just by editing a permissions file in
> whatever directories you want to protect. The browser would then prompt for
> the username and password automatically, and there is nothing else to do.
> Under Windows, I think if their desktoip login name/password matches a
> Website user/password, they might not be prompted at all, but I would have
> to check that.
>
> Another approach would be to use a script that checked the password in
> an internal file, and then passed them the URL to download from a secret
> directory on your server. If you didn't want them to bother with a password
> the second time, from the same location, you could save the user information
> in a cookie.
>
> In either case, they wouldn't need REBOL on their machines. It can all
> be handled server side. Entering the username/password at least once seems
> simpler than getting people to install REBOL to run one script.
>
> If this is a critical requirement for same reason, another idea might be
> to distribute a HTML page with their username and password embedded in a
> "click me" hyperlink, which would then send this to a server-side script
> (see approach /2).
>
> -Ted.
>
> *********** REPLY SEPARATOR ***********
>
> On 12/30/1999 at 3:28 PM [EMAIL PROTECTED] wrote:
> Hi Rebols,
>
> I'm fighting against the idea of having to learn Perl or Java just
> to get this small project:
>
> I'm considering the possibility of having a script on my web site
> that could grant permission to some users to download files according to the
> rights they have.
>
> The idea is to distribute REBOL.EXE to the people I want to access
> my web site so they can login without having to enter USERNAME & PASSWORD.
>
> All they have to do is to run this script that probably will have to
> have their username & password values inside it and also what files each
> user can download.
>
> Since username and password match, the script will write on user's
> machine their files.
>
> Is it possible?
>
> Does anyone here would like to make me a draft of this in REBOL?
> Some code I could use as a start point, since I'm a beginner.
>
> Thanks for any help
>
> Happy New Year to you all from Brazil!!!!!!!!!!!!!!!!!
>
> Carlos
